Two factor authentication using pam module

Robert Svensson Robert.Svensson at mideye.com
Thu Aug 28 15:00:38 CEST 2008


Hi,

I'm using the radius pam module to authenticate users connecting to an ftp server.

The proprietary radius server that we are using expects, after a successful user name / password check, an access challenge in the form numbers displayed on a token.



My problem is that I can't figure out how I should configure the pam module to handle the radius challenge.

Is this this possible at all?





The debug out put:

Aug 28 16:40:48 radiuspam vsftpd: pam_radius_auth: Got user name john

Aug 28 16:40:48 radiuspam vsftpd: pam_radius_auth: Sending RADIUS request code 1

Aug 28 16:40:49 radiuspam vsftpd: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned -642636992. 

Aug 28 16:40:54 radiuspam vsftpd: pam_radius_auth: Got RADIUS response code 11

Aug 28 16:40:54 radiuspam vsftpd: pam_radius_auth: Got response to challenge code 3

Aug 28 16:40:54 radiuspam vsftpd: pam_radius_auth: authentication failed





 As you can see, the pam module doesn't wait for user input to the challenge response (code 11). Instead, it sends an invalid challenge response that the radius server rejects.



Any help is greatly appreciated

Thanx

Robert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080828/0b2e69cb/attachment.html>


More information about the Freeradius-Users mailing list